
Tools, scripts, and configurations for my machines.

Secret management with agenix

I use [agenix](https://github.com/ryantm/agenix) to manage secrets.

Create a new secret

To create a new secret:

cd secrets
agenix -e <name of the secret>.age

Manage the secrets

In secrets.nix, add the secret and list who needs access to it.

In the configuration for one of the hosts, you'll then need to add:

age.secrets.restic = {
    file = ../../../secrets/restic-backups.age;
    owner = "root";
    group = "root";
    path = "/etc/restic/secret";
    mode = "600";
};
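
A sketch of the matching secrets.nix entry for the restic secret, added here as an example and not taken from this repository. The names `admin` and `backupHost` are hypothetical and both key strings are placeholders to be replaced with real SSH public keys.

```nix
# secrets/secrets.nix (added example; every key below is a placeholder)
let
  # Public key of the person who edits secrets. It must correspond to the
  # private key passed to `agenix -e ... -i <identity>`.
  admin = "ssh-ed25519 AAAA...PLACEHOLDER-admin-key";

  # SSH host public key of the machine that decrypts the secret at activation
  # (hypothetical host; read it from /etc/ssh/ssh_host_ed25519_key.pub there).
  backupHost = "ssh-ed25519 AAAA...PLACEHOLDER-host-key";
in
{
  # File names are relative to this file. Only the listed keys can decrypt
  # the secret, so keep the list to the editor plus the hosts that use it.
  "restic-backups.age".publicKeys = [ admin backupHost ];
}
```

After changing the key list of an existing secret, run `agenix -r` in the secrets directory so the file is re-encrypted for the new set of recipients.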

Edit secrets

This is the easiest command to work with 1Password (fish shell syntax):

agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)

There's a target in the Justfile to edit the secrets: just secrets <secret-name>.

Services

ddns-updater

This service runs on vm-synology.

There's a web UI accessible at http://vm-synology:8000 to check the status of the updates.